Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Modularization updates (#12)

Browse Source 
* Store install-cni-plugins.sh once

* Newlines in on-boot-script

* Update example on_boot.sh for directory

* Update README.md examples

* Store 20-dns.conflist once

* Add modularized nextdns config w/IPv6 support

* Make nextdns script more generic

* Use common setup script for each dns service

* Add missing newlines

* Readme updates and ipv6 support

* Readme updates and ipv6 support

* Final updates and Ipv6

Co-authored-by: exodious <exodious@users.noreply.github.com>
This commit is contained in:
John D 2020-06-28 06:02:50 -07:00 committed by GitHub
parent a3fd35c956
commit 511d058460
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 306 additions and 271 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
AdguardHome/README.md
View File

@ -5,43 +5,32 @@
2. Persists through reboots and firmware updates.
### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this)
It needs 2 folders, a Work and Configuration folder. Plese create the 2 folder in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir"
The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
1. You have setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. AdguardHome persists through firmware updates as it will store the configuration in a folder (you need to create this). It needs 2 folders, a Work and Configuration folder. Please create the 2 folders in "/mnt/data/". In my example I created "AdguardHome-Confdir" and "AdguardHome-Workdir"
3. The on-boot script needs to be setup after firmware update of UDM. When on-boot script is recreated, everything should work.
### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist), also update all the ips accordingly
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh) symlink). This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/AdguardHome/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your AdGuard instance
5. Execute on_boot.sh
6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
1. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
1. Execute /mnt/data/on_boot.d/10-dns.sh
1. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
1. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
```
podman run -d --network dns --restart always \
--name adguardhome \
-v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \
-v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \
--dns=127.0.0.1 --dns=1.1.1.1 \
--hostname adguardhome \
adguard/adguardhome:arm64-latest
```
```shell script
podman run -d --network dns --restart always \
--name adguardhome \
-v "/mnt/data/AdguardHome-Confdir/:/opt/adguardhome/conf/" \
-v "/mnt/data/AdguardHome-Workdir/:/opt/adguardhome/work/" \
--dns=127.0.0.1 --dns=1.1.1.1 \
--hostname adguardhome \
adguard/adguardhome:arm64-latest
```
7. Change on_boot.sh line 17
From
```
#podman start AdguardHome
```
To
```
podman start AdguardHome
```
This makes sure that the AdguardHome container will start after reboot of UDM.
8. Browse to 10.0.5.3:3000 and follow the setup wizard
9. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
10. Access the AdguardHome like you would normally.
7. Browse to 10.0.5.3:3000 and follow the setup wizard
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Access the AdguardHome like you would normally.

24
AdguardHome/udm-files/on_boot.sh
View File

@ -1,24 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Create a new bridge interface so the host can talk to containers inside the podman macvlan network
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
#Remove the # on the line below when Docker container is deployed.
#podman start adguardhome
# Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3

3
README.md
View File

@ -4,6 +4,9 @@ A collection of things to enhance the capabilities of your Unifi Dream Machine o
### on-boot-script
Run any commands when your UDM starts.
### dns-common
Configurations for DNS containers, both IPv4 and IPv6
### run-pihole
Run pihole on your UDM with podman. Utilizes macvlan cni plugins to completely isolate the network stack

0
AdguardHome/udm-files/20-dns.conflist → cni-plugins/20-dns.conflist
View File

8
nextdns/udm-files/20-dns.conflist → cni-plugins/20-dnsipv6.conflist
View File

@ -12,10 +12,14 @@
{
"address": "10.0.5.3/24",
"gateway": "10.0.5.1"
}
},
{
"address": "fd62:89a2:fda9:e23::2/64",
"gateway": "fd62:89a2:fda9:e23::1"
}
],
"routes": [
{"dst": "0.0.0.0/0"}
{"dst": "0.0.0.0/0"},{"dst": "::/0"}
]
}
}

1
AdguardHome/install-cni-plugins.sh → cni-plugins/install-cni-plugins.sh
View File

@ -1,4 +1,5 @@
#!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/

98
dns-common/on_boot.d/10-dns.sh Normal file
View File

@ -0,0 +1,98 @@
#!/bin/sh
## configuration variables:
VLAN=5
IPV4_IP="10.0.5.3"
IPV4_GW="10.0.5.1/24"
# if you want IPv6 support, generate a ULA, select an IP for the dns server
# and an appropriate gateway address on the same /64 network. Make sure that
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
# added along with a ::/0 route. Also make sure that additional --dns options
# are passed to podman with your IPv6 DNS IPs when deploying the container for
# the first time. You will also need to configure your VLAN to have a static
# IPv6 block.
# IPv6 Also works with Prefix Delegation from your provider. The gateway is the
# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6
# isn't serving
IPV6_IP=""
IPV6_GW=""
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
# re-routed through the DNS container. separate interfaces with spaces.
# e.g. "br0" or "br0 br1" etc.
FORCED_INTFC=""
# container name; e.g. nextdns, pihole, adguardhome, etc.
CONTAINER=nextdns
## network configuration and startup:
CNI_PATH=/mnt/data/podman/cni
if [ ! -f "$CNI_PATH"/macvlan ]
then
mkdir -p $CNI_PATH
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH
fi
mkdir -p /opt/cni
ln -s $CNI_PATH /opt/cni/bin
for file in "$CNI_PATH"/*.conflist
do
if [ -f "$file" ]; then
ln -s "$file" "/etc/cni/net.d/$(basename "$file")"
fi
done
# set VLAN bridge promiscuous
ip link set br${VLAN} promisc on
# create macvlan bridge and add IPv4 IP
ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
if [ -n "${IPV6_GW}" ]; then
ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
fi
# set macvlan bridge promiscuous and bring it up
ip link set br${VLAN}.mac promisc on
ip link set br${VLAN}.mac up
# add IPv4 route to DNS container
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
# (optional) add IPv6 route to DNS container
if [ -n "${IPV6_IP}" ]; then
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
fi
if podman container exists ${CONTAINER}; then
podman start ${CONTAINER}
else
echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error"
fi
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
for intfc in ${FORCED_INTFC}; do
if [ -d "/sys/class/net/${intfc}" ]; then
for proto in udp tcp; do
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
if [ -n "${IPV6_IP}" ]; then
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
fi
done
fi
done

51
nextdns/README.md
View File

@ -7,24 +7,25 @@
4. If you are already using PiHole and want to test NextDNS out, you can just stop your PiHole container and start this one in its place using the same IP/CNI config.
### Requirements
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
1. You have already setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. NextDNS persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist), also update all the ips accordingly
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Docker
The offical repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
The Dockerfile is included, you can build it locally on your UDM if you don't want to pull from Docker Hub or make customizations
```
```shell script
podman build . -t nextdns-udm:latest
```
Building from another device is possible. You must have [buildx](https://github.com/docker/buildx/) installed to do cross platform builds. This is useful if you want to mirror to a private repo
```
```shell script
docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
```
@ -32,22 +33,20 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
If you have already installed PiHole, skip right to step 6.
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh) symlink). This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to NextDNS
5. Execute on_boot.sh
6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
```
podman run -d -it --privileged --network dns --restart always \
--name nextdns \
-v "/mnt/data/nextdns/:/etc/nextdns/" \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
--dns=45.90.28.163 --dns=45.90.30.163 \
--hostname nextdns \
boostchicken/nextdns-udm:latest
```
Note:
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Uncomment ```podman start nextdns``` in on_boot.sh
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
3. Execute /mnt/data/on_boot.d/10-dns.sh
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
5. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
6. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
```shell script
podman run -d -it --privileged --network dns --restart always \
--name nextdns \
-v "/mnt/data/nextdns/:/etc/nextdns/" \
-v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
--mount type=bind,source=/config/dnsmasq.lease,target=/tmp/dnsmasq.leases \
--dns=45.90.28.163 --dns=45.90.30.163 \
--hostname nextdns \
boostchicken/nextdns-udm:latest
```
7. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.

2
nextdns/docker/Dockerfile
View File

@ -8,4 +8,4 @@ RUN apk add --no-cache ca-certificates \
&& rm /tmp/nextdns.tar.gz
EXPOSE 53/tcp 53/udp
ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
CMD []
CMD []

5
nextdns/install-cni-plugins.sh
View File

@ -1,5 +0,0 @@
#!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/
rm /tmp/cni.tgz

25
nextdns/udm-files/on_boot.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
# Remove the # on the line below when Docker container is deployed.
#podman start nextdns
# optional if you dont want to force everything through nextdns. also add anymore bridges for other networks (br5, 10 etc), un comment if you want to use them
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE

118
on-boot-script/README.md
View File

@ -1,75 +1,69 @@
# UDM / UDMPro Boot Script
### Features
1. Allows you to run a shell script at S95 anytime your UDM starts / reboots
1. Persists through reboot
1. Must be re-done after firmware updates
### Compatiblity
### Compatibility
1. Should work on any UDM/UDMPro after 1.6.3
2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4
2. Tested and confirmed on 1.6.6, 1.7.0, 1.7.2rc4, 1.7.3rc1
## Steps
# 1. Make your script on the UDM/UDMPRO
```
vi /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
```
Example: see examples/udm-files/on_boot.sh
```
#!/bin/sh
podman start wpa_supplicant-udmpro
iptables -t nat -C PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p udp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x
iptables -t nat -C PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x || iptables -t nat -A PREROUTING -p tcp ! --source 10.0.0.x ! --destination 10.0.0.x --dport 53 -j DNAT --to 10.0.0.x
iptables -t nat -C POSTROUTING -j MASQUERADE || iptables -t nat -A POSTROUTING -j MASQUERADE
```
### Automated Setup
1. Copy [install.sh](install.sh) to your UDM and execute it
1. Copy any shell scripts you want to run to /mnt/data/on_boot.d and make sure they are executable and have the correct shebang (#!/bin/sh)
Examples:
* Start a DNS Container [10-dns.sh](../dns-common/on_boot.d/10-dns.sh)
* Start wpa_supplicant [on_boot.d/10-wpa_supplicant.sh](examples/udm-files/on_boot.d/10-wpa_supplicant.sh)
# 2. Make the unifios docker container execute this script on startup, this has to be done after every firmware update. It does persist through reboots.
### Manual Setup
## Automatic
1. Copy on_boot.sh and make on_boot.d and add scripts to on_boot.d
```shell script
mkdir -p /mnt/data/on_boot.d
vi /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
```
Example: [on_boot.sh](examples/udm-files/on_boot.sh)
1. Copy install.sh and install-unifios.sh to your UDM
2. Execute install.sh
1. Enter the container shell
```shell script
unifi-os shell
```
1. make a script that sshs to the udm and runs on our boot script. 127.0.1.1 always points to the UDM
```shell script
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
```
Example: [udm.sh](examples/unifi-os-files/udm.sh)
1. make a service that runs on startup, after we have networking
```shell script
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
```
Example: [udmboot.service](examples/unifi-os-files/udmboot.service)
## Manual
```
podman exec -it unifi-os sh
```
### make a script that sshs to the udm and runs on our boot script
Example: examples/unifi-os-files/udm.sh
```
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh # 127.0.1.1 always points to the UDM
```
#### make said script executable
```
chmod u+x /etc/init.d/udm.sh
```
### make a service that runs on startup, after we have networking
Example: examples/unifi-os-files/udmboot.service
```
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
```
### enable it and test
```
systemctl enable udmboot
systemctl start udmboot
```
### back to the udm
```
exit
```
# reboot your udm/udmpro and make sure it worked
```
reboot
exit
```
1. enable it and test
```shell script
systemctl enable udmboot
systemctl start udmboot
```
1. back to the udm
```shell script
exit
```
1. reboot your udm/udmpro and make sure it worked
```shell script
reboot
exit
```

7
on-boot-script/examples/udm-files/on_boot.d/10-wpa_supplicant.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/sh
## create files like this with different numbers for execution order
## ala /etc/profile.d
## example command to run, please replace with your own.
podman start wpa_supplicant-udmpro

10
on-boot-script/examples/udm-files/on_boot.sh
View File

@ -1,5 +1,9 @@
#!/bin/sh
## example command to run, please replace with your own.
podman start wpa_supplicant-udmpro
if [ -d /mnt/data/on_boot.d ]; then
for i in /mnt/data/on_boot.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi

1
on-boot-script/examples/unifi-os-files/udm.sh
View File

@ -1,2 +1,3 @@
#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'

3
on-boot-script/install-unifios.sh
View File

@ -1,4 +1,5 @@
#!/bin/sh
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 '/mnt/data/on_boot.sh'" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
@ -14,4 +15,4 @@ ExecStart=/etc/init.d/udm.sh
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
systemctl enable udmboot
systemctl start udmboot
systemctl start udmboot

48
on-boot-script/install.sh
View File

@ -1,3 +1,45 @@
podman cp install-unifios.sh unifi-os:/root/install-unifios.sh
podman exec unifi-os chmod +x /root/install-unifios.sh
podman exec unifi-os sh -c /root/install-unifios.sh
#!/bin/sh
echo "Creating on boot script on device"
echo '#!/bin/sh
if [ -d /mnt/data/on_boot.d ]; then
for i in /mnt/data/on_boot.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
fi
' > /mnt/data/on_boot.sh
chmod u+x /mnt/data/on_boot.sh
mkdir -p /mnt/data/on_boot.d
echo "Creating script to modify unifios container"
echo '#!/bin/sh
echo "#!/bin/sh
ssh -o StrictHostKeyChecking=no root@127.0.1.1 ''/mnt/data/on_boot.sh''" > /etc/init.d/udm.sh
chmod u+x /etc/init.d/udm.sh
echo "[Unit]
Description=Run On Startup UDM
After=network.target
[Service]
ExecStart=/etc/init.d/udm.sh
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/udmboot.service
systemctl enable udmboot
systemctl start udmboot
' > /tmp/install-unifios.sh
podman cp /tmp/install-unifios.sh unifi-os:/root/install-unifios.sh
podman exec -it unifi-os chmod +x /root/install-unifios.sh
echo "Executing container modifications"
podman exec -it unifi-os sh -c /root/install-unifios.sh
rm /tmp/install-unifios.sh
echo "Installed on_boot hook. Populate /mnt/data/on_boot.d with scripts to run"

2
python/install_pip.sh
View File

@ -8,4 +8,4 @@ python get-pip.py
ln -s $(podman inspect unifi-os -f {{.GraphDriver.Data.MergedDir}})/usr/local/bin/pip3 /usr/bin/pip
rm /usr/lib64/libssl.so.1.1
rm /usr/lib64/libcrypto.so.1.1
rm /usr/lib64/libcrypto.so.1.1

0
python/on_boot.sh → python/on_boot.d/20-python.sh
View File

63
run-pihole/README.md
View File

@ -5,45 +5,44 @@
2. Persists through reboots and firmware updates.
### Requirements
1. You have setup the on boot script described [here](https://github.com/boostchicken/udmpro-utilities/tree/master/on-boot-script)
1. You have successfully setup the on boot script described [here](https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script)
2. PiHole persists through firmware updates. The on-boot script does not. If you update your firmware, setup on-boot again and everything should work.
### Customization
* Feel free to change [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to change the IP address of the container. Make sure to update all ip references and the iptables rules in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). The IP address can be anywhere from x.x.x.3 to x.x.x.254. .1 is reserved for the gateway and .2 is reserved for the macvlan bridge.
* If you don't want to use vlan5, just replace br5 with br(vlanid) in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) and [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist), also update all the ips accordingly
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
### Steps
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
2. Install the CNI plugins with by executing [install-cni-plugins.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/install-cni-plugins.sh) on your UDM
3. Copy [20-dns.conflist](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/20-dns.conflist) to /mnt/data/podman/cni (or a place of your choosing and update [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh) symlink). This will create your podman macvlan network
4. Update your on_boot.sh to include the commands in [on_boot.sh](https://github.com/boostchicken/udm-utilities/blob/master/run-pihole/udm-files/on_boot.sh). You can leave out the iptables rules if you don't want to DNAT all DNS calls to your PiHole
5. Execute on_boot.sh
6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
3. Execute /mnt/data/on_boot.d/10-dns.sh
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
```
podman run -d --network dns --restart always \
--name pihole \
-e TZ="America/Los Angeles" \
-v "/mnt/data/etc-pihole/:/etc/pihole/" \
-v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
--dns=127.0.0.1 --dns=1.1.1.1 \
--hostname pi.hole \
-e VIRTUAL_HOST="pi.hole" \
-e PROXY_LOCATION="pi.hole" \
-e ServerIP="10.0.5.3" \
-e IPv6="False" \
pihole/pihole:latest
```
The below errors are expected and acceptable
```
ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory
ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory
```
```shell script
podman run -d --network dns --restart always \
--name pihole \
-e TZ="America/Los Angeles" \
-v "/mnt/data/etc-pihole/:/etc/pihole/" \
-v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
--dns=127.0.0.1 --dns=1.1.1.1 \
--hostname pi.hole \
-e VIRTUAL_HOST="pi.hole" \
-e PROXY_LOCATION="pi.hole" \
-e ServerIP="10.0.5.3" \
-e IPv6="False" \
pihole/pihole:latest
```
The below errors are expected and acceptable
```
ERRO[0022] unable to get systemd connection to add healthchecks: dial unix /run/systemd/private: connect: no such file or directory
ERRO[0022] unable to get systemd connection to start healthchecks: dial unix /run/systemd/private: connect: no such file or directory
```
7. Set pihole password
```
podman exec -it pihole pihole -a -p YOURNEWPASSHERE
```
```shell script
podman exec -it pihole pihole -a -p YOURNEWPASSHERE
```
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
9. Access the pihole like you would normally.
9. Uncomment ```podman start pihole``` in on_boot.sh

5
run-pihole/install-cni-plugins.sh
View File

@ -1,5 +0,0 @@
#!/bin/sh
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz -o /tmp/cni.tgz
mkdir -p /mnt/data/podman/cni/
tar xf /tmp/cni.tgz -C /mnt/data/podman/cni/
rm /tmp/cni.tgz

23
run-pihole/udm-files/20-dns.conflist
View File

@ -1,23 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "dns",
"plugins": [
{
"type": "macvlan",
"mode": "bridge",
"master": "br5",
"ipam": {
"type": "static",
"addresses": [
{
"address": "10.0.5.3/24",
"gateway": "10.0.5.1"
}
],
"routes": [
{"dst": "0.0.0.0/0"}
]
}
}
]
}

25
run-pihole/udm-files/on_boot.sh
View File

@ -1,25 +0,0 @@
#!/bin/sh
mkdir -p /opt/cni
ln -s /mnt/data/podman/cni/ /opt/cni/bin
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
# Create a new bridge interface so the host can talk to containers inside the podman macvlan network
# Assumes your Podman network made in the controller is on VLAN 5
# Adjust the IP to match the address in your cni configuration
ip link set br5 promisc on
ip link add br5.mac link br5 type macvlan mode bridge
ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
ip link set br5.mac promisc on
ip link set br5.mac up
ip route add 10.0.5.3/32 dev br5.mac
# Remove the # on the line below when Docker container is deployed.
#podman start pihole
# Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
# iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE